Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2010-2956
HistoryAug 31, 2010 - 12:00 a.m.

CVE-2010-2956

2010-08-3100:00:00
ubuntu.com
ubuntu.com
10

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not
properly handle use of the -u option in conjunction with the -g option,
which allows local users to gain privileges via a command line containing a
“-u root” sequence.

Notes

Author Note
jdstrand root escalation, but requires non-standard sudoers setup sudo 1.6 is not affected (does not have ‘-g’ option)
OSVersionArchitecturePackageVersionFilename
ubuntu9.10noarchsudo< 1.7.0-1ubuntu2.5UNKNOWN
ubuntu10.04noarchsudo< 1.7.2p1-1ubuntu5.2UNKNOWN

Related

fedora 3
openvas 21
nessus 17
redhat 1
prion 1
slackware 1
debiancve 1
ubuntu 1
veracode 1
oraclelinux 1
freebsd 1
securityvulns 2
centos 1
cve 1
gentoo 1
vmware 2
fedora
fedora
[SECURITY] Fedora 13 Update: sudo-1.7.4p4-1.fc13
2010-09-11 09:03:30
[SECURITY] Fedora 12 Update: sudo-1.7.4p4-2.fc12
2010-09-28 05:28:31
[SECURITY] Fedora 14 Update: sudo-1.7.4p4-1.fc14
2010-09-15 07:09:06
openvas
openvas
CentOS Update for sudo CESA-2010:0675 centos5 i386
2011-08-09 00:00:00
Slackware Advisory SSA:2010-257-02 sudo
2012-09-11 00:00:00
Ubuntu Update for sudo vulnerability USN-983-1
2010-09-10 00:00:00
nessus
nessus
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : sudo (SSA:2010-257-02)
2010-09-15 00:00:00
CentOS 5 : sudo (CESA-2010:0675)
2010-09-13 00:00:00
openSUSE Security Update : sudo (openSUSE-SU-2010:0591-1)
2014-06-13 00:00:00
redhat
redhat
(RHSA-2010:0675) Important: sudo security update
2010-09-07 00:00:00
prion
prion
Design/Logic Flaw
2010-09-10 19:00:00
slackware
slackware
[slackware-security] sudo
2010-09-15 03:39:34
debiancve
debiancve
CVE-2010-2956
2010-09-10 19:00:00
ubuntu
ubuntu
Sudo vulnerability
2010-09-07 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:47:56
oraclelinux
oraclelinux
sudo security update
2010-09-07 00:00:00
freebsd
freebsd
sudo -- Flaw in Runas group matching
2010-09-07 00:00:00
securityvulns
securityvulns
[USN-983-1] Sudo vulnerability
2010-09-12 00:00:00
sudo privilege escalation
2010-09-12 00:00:00
centos
centos
sudo security update
2010-09-12 16:45:07
cve
cve
CVE-2010-2956
2010-09-10 19:00:00
gentoo
gentoo
sudo: Privilege Escalation
2010-09-07 00:00:00
vmware
vmware
VMware ESX third party updates for Service Console packages glibc, sudo, and openldap
2011-01-04 00:00:00
VMware ESX third party updates for Service Console packages glibc, sudo, and openldap
2011-01-04 00:00:00

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON
Related for UB:CVE-2010-2956
fedora3openvas21nessus17redhat1prion1slackware1debiancve1ubuntu1veracode1oraclelinux1freebsd1securityvulns2centos1cve1gentoo1vmware2